EP3554000B1 - Validation code based verification method and device - Google Patents

Validation code based verification method and device Download PDF

Info

Publication number
EP3554000B1
EP3554000B1 EP17879427.7A EP17879427A EP3554000B1 EP 3554000 B1 EP3554000 B1 EP 3554000B1 EP 17879427 A EP17879427 A EP 17879427A EP 3554000 B1 EP3554000 B1 EP 3554000B1
Authority
EP
European Patent Office
Prior art keywords
verification
character
verification code
user
character string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP17879427.7A
Other languages
German (de)
French (fr)
Other versions
EP3554000A1 (en
EP3554000A4 (en
Inventor
Chao XIU
Lei Wang
Xing Chen
Chuanzhi LI
Yongzhi Zhang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to PL17879427T priority Critical patent/PL3554000T3/en
Publication of EP3554000A1 publication Critical patent/EP3554000A1/en
Publication of EP3554000A4 publication Critical patent/EP3554000A4/en
Application granted granted Critical
Publication of EP3554000B1 publication Critical patent/EP3554000B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present application relates to the field of computer technologies, and in particular, to a method and apparatus for verification based on a verification code.
  • a verification code also referred to as Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
  • CPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart
  • the verification code can be used to determine whether an operator is a user or an unauthorized program.
  • the verification code can prevent unauthorized operations such as a malicious attempt to log in to a user account, cracking of a user password through enumeration, or sales volume manipulation or speaking through script control.
  • the verification code is usually displayed by using the following methods:
  • a first method as shown in FIG. 1a , the verification code is expressed by using a number or a text, and a background is added into a verification code display area, or the number or the text is distorted, to improve interference of the verification code.
  • a second method as shown in FIG. 1b , a plurality of pictures and prompt information are provided, so that the user recognizes a corresponding quantity of specific pictures from the plurality of similar pictures based on the prompt information.
  • the verification code is displayed by using a relatively complex method. Although an unauthorized script's automatic recognition can be interfered with, additional interference is also caused to the user. In other words, after the previous verification code is displayed to the user, a possibility that the user incorrectly recognizes the verification code increases. If an error occurs, the user needs to refresh the verification code and continue to recognize the newly generated verification code, until the verification succeeds. Hence, the previous verification process in the existing technology possibly takes a long time. In particular, when a recognition error occurs, the user needs to repeatedly perform verification.
  • Implementations of the present application provide a method for verification based on a verification code, to alleviate a problem in the existing technology that a relatively long time is consumed in a verification process as a user is likely to incorrectly recognize a verification code.
  • the implementations of the present application provide an apparatus for verification based on a verification code, to alleviate a problem in the existing technology that a relatively long time is consumed in a verification process as a user is likely to incorrectly recognize a verification code.
  • An implementation of the present application provides a method for verification based on a verification code, including: receiving a verification request; obtaining a pre-generated first character string after receiving the verification request, where the first character string includes at least one variable character; replacing some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string; and generating a verification code based on the second character string, and verifying a user corresponding to the verification request.
  • An implementation of the present application provides an apparatus for verification based on a verification code, including: a receiving module, configured to receive a verification request; an acquisition module, configured to obtain a pre-generated first character string after the verification request is received, where the first character string includes at least one variable character; a replacement module, configured to replace some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string; and a verification module, configured to generate a verification code based on the second character string, and verify a user corresponding to the verification request.
  • the server When a server of a service provider verifies the user, the server performs a character replacement operation on a verification code.
  • a verification code generated through character replacement does not affect the user in terms of understanding a meaning of the verification code.
  • characters in the verification code in the implementations of the present application do not undergo character distortion, color change, or background addition.
  • the user can conveniently and accurately recognize the verification code.
  • the verification code obtained after character replacement possibly includes a plurality of types of characters, and does not comply with a common syntax. As such, it is difficult for the computer program to effectively recognize content represented by the verification code based on a recognition algorithm, thereby effectively reducing a possibility that the computer program performs an unauthorized operation.
  • the verification method provided in the implementations of the present application increases discemibility of the verification code, so that the user can intuitively understand the meaning of the verification code. Therefore, accuracy of recognizing the verification code by the user can be increased, and a time consumed in a verification process can be reduced. In addition, difficulty of recognizing the verification code by the computer program can be increased, and a possibility that the computer program performs an unauthorized operation can be effectively reduced.
  • a verification process can be based on an architecture shown in FIG. 2a , and the verification process can be implemented by a server on the back end of an online service provider.
  • the online service provider includes but is not limited to a service provider that can provide an online service, such as a website, a telecommunications operator, or a data center.
  • the server used to implement the verification process can be a server responsible for security maintenance, for example, a security center server on the back end of the online service provider. No limitation is imposed on the present application here. In the subsequent descriptions, the server on the back end of the online service provider is collectively referred to as a server.
  • a user can be understood as an operator who uses a service provided by the online service provider. It is worthwhile to note here that, in a verification scenario in the implementations of the present application, an authorized operator is an actual person, and an unauthorized operator is a computer script, a program, etc.
  • FIG. 2b shows a process for verification based on a verification code in an implementation of the present application. The process includes the steps below.
  • the verification request is usually generated after verification is triggered.
  • the verification request can be triggered by a user, or can be triggered by a server based on demands in actual applications.
  • the user can actively send a verification request.
  • the verification request is used to trigger a process for verification based on a verification code.
  • the process for verification based on a verification code can be used for account login.
  • a login interface such as an account login interface of a website
  • the server correspondingly receives the verification request sent by the user.
  • the server can verify an identity of the user based on a corresponding security rule. For example, the server actively generates a verification code at a pre-determined cycle. Alternatively, when determining that some operations of the user are risky, the server actively generates a verification code and initiates verification to the user, to determine that the operations are not performed by a computer program. Certainly, no limitation is imposed on the present application here.
  • the first character string includes at least one variable character.
  • the first character string can be understood as a marking character string that includes a number, a text, etc., and has an indication function.
  • the marking character string is easily recognized by the computer program, thereby increasing a risk of the verification process. Therefore, in this implementation of the present application, the first character string includes a variable character, and the variable character can be replaced with another character, so as to have an interference effect.
  • the backup character can be the same type of character as the variable character.
  • both the backup character and the variable character are Chinese characters, English characters, or numeric characters.
  • the backup character and the variable character can be different types of characters.
  • a Chinese character can be changed to pinyin. For example, " " is changed to "hong”.
  • a certain word (or phrase) can be changed to a homophonous word (or phrase). For example, " " can be changed to " ".”
  • the verification code can be displayed in a format of picture or text information, and is used to instruct the user to perform a certain operation. No limitation is imposed on the present application here.
  • the second character string is a character string obtained after character replacement. Therefore, the verification code generated based on the second character string can have an interference effect. Compared with an interference method in the existing technology such as character distortion, color change, or background addition, the meaning of the verification code obtained after character replacement in this implementation of the present application does not change. In addition, because the verification code is not displayed by using a complex method, the user can understand the meaning of the verification code and can easily recognize the verification code. Further, because character replacement is performed, it is difficult for a machine to recognize the verification code.
  • verification can be performed on a corresponding operator (that is, the user) to determine whether the operator is the user or the computer program.
  • the verification code can be displayed to the user in a corresponding verification interface (such as a login interface), and after the user performs a corresponding operation based on the verification code, verification is performed on the operation based on marking verification information.
  • a corresponding verification interface such as a login interface
  • the server performs a character replacement operation on a verification code.
  • a verification code generated through character replacement does not affect the user in terms of understanding a meaning of the verification code.
  • characters in the verification code in this implementation of the present application do not undergo character distortion, color change, or background addition.
  • the user can conveniently and accurately recognize the verification code.
  • the verification code obtained after character replacement possibly includes a plurality of types of characters, and does not comply with a common syntax. As such, it is difficult for the computer program to effectively recognize content represented by the verification code based on a recognition algorithm, thereby effectively reducing a possibility that the computer program performs an unauthorized operation.
  • the verification method provided in this implementation of the present application increases discernibility of the verification code, so that the user can intuitively understand the meaning of the verification code. Therefore, accuracy of recognizing the verification code by the user can be increased, and a time consumed in a verification process can be reduced. In addition, difficulty of recognizing the verification code by the computer program can be increased, and a possibility that the computer program performs an unauthorized operation can be effectively reduced.
  • the pre-establishing a correspondence between variable characters and backup characters specifically includes: determining at least one homophonous character and/or synonymous character of any variable character; using the determined homophonous character and/or synonymous character as a backup character of the variable character, and establishing a correspondence between the backup character and the variable character.
  • FIG. 3 is a schematic diagram of an architecture of generating the first character string.
  • variable characters can be replaced.
  • a character string of a certain verification code is a character string of " ".
  • the six Chinese characters in the character string are all variable characters.
  • only two variable characters " " and " " can be replaced.
  • the two variable characters respectively correspond to backup characters " " and " ". Therefore, the second character string obtained after the variable characters are replaced with the backup characters is " ".
  • variable characters correspond to different backup characters
  • a hybrid replacement method can be used. For example, the first character string " " is replaced with "xuan hong ".
  • a corresponding verification code can be generated based on the second character string obtained after character replacement.
  • the generating a verification code based on the second character string specifically includes: generating a verification code in a specified format based on the second character string.
  • the specified format includes at least one of a picture format and a text format.
  • the user generally performs a certain operation based on the verification code. For example, the user enters a corresponding character string based on the verification code, or the user performs a certain operation based on behavior indicated by the verification code.
  • the server needs to perform verification. To ensure verification accuracy, the server determines a verification standard. It can be understood that the marking verification information is a verification standard, and only when an operation of the user satisfies the verification standard, the verification can succeeds.
  • the user can enter a corresponding character string based on the verification code displayed in the verification interface.
  • the marking verification information is the first character string.
  • the verifying a user corresponding to the verification request specifically includes: generating an input area in a user verification interface; obtaining a character string that is to be verified and is entered by the user in the input area based on the verification code; and verifying, based on the first character string, the character string to be verified.
  • FIG. 4a shows a verification interface in this method.
  • the verification interface includes a verification code and a corresponding input area.
  • the user enters a corresponding character string in the input area based on the verification code for verification.
  • the verification can succeed only when the user enters a Chinese phrase " " (assume that the first character string is " ”) in the input area based on the verification code "hong " (which is the second character string in the verification code).
  • the user can perform a corresponding verification operation based on the verification code displayed in the verification interface.
  • the marking verification information includes pre-determined marking operation information.
  • the verifying a user corresponding to the verification request specifically includes: generating an operable verification code display area in a user verification interface; obtaining operation information that is to be verified and that is corresponding to an operation that is to be verified and that is performed by the user in the verification code display area based on the verification code; and verifying, based on the marking operation information, the operation information to be verified.
  • FIG. 4b shows a verification interface in this method. It can be seen that the verification interface includes an operable verification code display area that includes a verification code. The user can perform a corresponding operation to be verified in the verification code display area based on behavior indicated by the verification code.
  • the marking operation information is that operation controls "2" and "4" are tapped. In this case, the verification can succeed after the user taps the operation controls "2" and "4" in the verification code display area based on the verification code "Tap ou in the picture below".
  • an implementation of the present application further provides an apparatus for verification based on a verification code.
  • the verification apparatus is disposed on a server side of a service provider, and the apparatus includes: a receiving module 501, configured to receive a verification request; an acquisition module 502, configured to obtain a pre-generated first character string after the verification request is received, where the first character string includes at least one variable character; a replacement module 503, configured to replace some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string; and a verification module 504, configured to generate a verification code based on the second character string, and verify a user corresponding to the verification request.
  • a receiving module 501 configured to receive a verification request
  • an acquisition module 502 configured to obtain a pre-generated first character string after the verification request is received, where the first character string includes at least one variable character
  • a replacement module 503 configured to replace some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string
  • a verification module 504 configured to generate a verification
  • the apparatus further includes an establishment module 505, configured to determine at least one homophonous character and/or synonymous character of any variable character; and use the determined homophonous character and/or synonymous character as a backup character of the variable character, and establish a correspondence between the backup character and the variable character.
  • an establishment module 505 configured to determine at least one homophonous character and/or synonymous character of any variable character; and use the determined homophonous character and/or synonymous character as a backup character of the variable character, and establish a correspondence between the backup character and the variable character.
  • the verification module 504 generates a verification code in a specified format based on the second character string, where the specified format includes at least one of a picture format and a text format.
  • the verification module 504 generates an input area in a user verification interface; obtains a character string that is to be verified and is entered by the user in the input area based on the verification code; and verifies, based on the first character string, the character string to be verified.
  • the verification module 504 generates an operable verification code display area in a user verification interface; obtains operation information that is to be verified and is corresponding to an operation that is to be verified and is performed by the user in the verification code display area based on the verification code; and verifies, based on pre-determined marking operation information, the operation information to be verified.
  • a technical improvement is a hardware improvement (for example, an improvement to a circuit structure such as a diode, a transistor, or a switch) or a software improvement (an improvement to a method procedure) can be clearly distinguished.
  • a hardware improvement for example, an improvement to a circuit structure such as a diode, a transistor, or a switch
  • a software improvement an improvement to a method procedure
  • a designer usually programs an improved method procedure into a hardware circuit, to obtain a corresponding hardware circuit structure. Therefore, a method procedure can be improved by using a hardware entity module.
  • a programmable logic device such as a field programmable gate array (FPGA)
  • FPGA field programmable gate array
  • the designer performs programming to "integrate" a digital system to a PLD without requesting a chip manufacturer to design and produce an application-specific integrated circuit chip.
  • this type of programming is mostly implemented by using "logic compiler” software.
  • the software is similar to a software compiler used to develop and write a program. Original code needs to be written in a particular programming language for compilation. The language is referred to as a hardware description language (HDL).
  • HDL hardware description language
  • HDLs such as the Advanced Boolean Expression Language (ABEL), the Altera Hardware Description Language (AHDL), Confluence, the Cornell University Programming Language (CUPL), HDCal, the Java Hardware Description Language (JHDL), Lava, Lola, MyHDL, PALASM, and the Ruby Hardware Description Language (RHDL).
  • ABEL Advanced Boolean Expression Language
  • AHDL Altera Hardware Description Language
  • CUPL Cornell University Programming Language
  • HDCal the Java Hardware Description Language
  • JHDL Java Hardware Description Language
  • Lava Lola
  • MyHDL MyHDL
  • PALASM Ruby Hardware Description Language
  • RHDL Ruby Hardware Description Language
  • VHDL very-high-speed integrated circuit hardware description language
  • Verilog Verilog
  • a controller can be implemented by using any appropriate method.
  • the controller can be a microprocessor, a processor, or a computer-readable medium storing computer readable program code (such as software or firmware) that can be executed by the microprocessor or the processor, a logic gate, a switch, an application-specific integrated circuit (ASIC), a programmable logic controller, or an embedded microprocessor.
  • Examples of the controller include but are not limited to the following microprocessors: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320.
  • the memory controller can also be implemented as a part of the control logic of the memory.
  • controller can be considered as a hardware component, and an apparatus configured to implement various functions in the controller can also be considered as a structure in the hardware component. Or the apparatus configured to implement various functions can even be considered as both a software module implementing the method and a structure in the hardware component.
  • the system, apparatus, module, or unit illustrated in the previous implementations can be implemented by using a computer chip or an entity, or can be implemented by using a product having a certain function.
  • a typical implementation device is a computer.
  • the computer can be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
  • an implementation of the present application can be provided as a method, a system, or a computer program product. Therefore, the present application can use a form of hardware only implementations, software only implementations, or implementations with a combination of software and hardware. Moreover, the present application can use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, or an optical memory) that include computer-usable program code.
  • computer-usable storage media including but not limited to a disk memory, a CD-ROM, or an optical memory
  • These computer program instructions can be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of another programmable data processing device to generate a machine, so that the instructions executed by the computer or the processor of the another programmable data processing device generate a device for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • These computer program instructions can be stored in a computer readable memory that can instruct the computer or the another programmable data processing device to work in a specific way, so that the instructions stored in the computer readable memory generate an artifact that includes an instruction device.
  • the instruction device implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • a computing device includes one or more processors (CPU), one or more input/output interfaces, one or more network interfaces, and one or more memories.
  • the memory can include a non-persistent memory, a random access memory (RAM), a non-volatile memory, and/or another form in a computer readable medium, for example, a read-only memory (ROM) or a flash memory (flash RAM).
  • RAM random access memory
  • flash RAM flash memory
  • the memory is an example of the computer readable medium.
  • the computer readable medium includes persistent, non-persistent, movable, and unmovable media that can store information by using any method or technology.
  • the information can be a computer readable instruction, a data structure, a program module, or other data.
  • Examples of a computer storage medium include but are not limited to a phase-change random access memory (PRAM), a static random access memory (SRAM), a dynamic random access memory (DRAM), another type of random access memory (RAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a flash memory or another memory technology, a compact disc read-only memory (CD-ROM), a digital versatile disc (DVD) or another optical storage, a cassette magnetic tape, a magnetic tape/magnetic disk storage or another magnetic storage device, or any other non-transmission medium.
  • the computer storage medium can be used to store information accessible by a computing device. Based on the definition in the present specification, the computer readable medium does not include transitory computer readable media
  • an implementation of the present application can be provided as a method, a system, or a computer program product. Therefore, the present application can use a form of hardware only implementations, software only implementations, or implementations with a combination of software and hardware. In addition, the present application can use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, or an optical memory) that include computer-usable program code.
  • computer-usable storage media including but not limited to a disk memory, a CD-ROM, or an optical memory
  • the present application can be described in the general context of computer executable instructions executed by a computer, for example, a program module.
  • the program module includes a routine, a program, an object, a component, a data structure, etc. that executes a specific task or implements a specific abstract data type.
  • the present application can also be practiced in distributed computing environments. In the distributed computing environments, tasks are performed by remote processing devices connected through a communications network. In the distributed computing environment, the program module can be located in both local and remote computer storage media including storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • User Interface Of Digital Computer (AREA)
  • Storage Device Security (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
  • Document Processing Apparatus (AREA)

Description

    TECHNICAL FIELD
  • The present application relates to the field of computer technologies, and in particular, to a method and apparatus for verification based on a verification code.
    • BACKGROUND
  • Currently, a verification code, also referred to as Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), is widely used as a secure verification method. The verification code can be used to determine whether an operator is a user or an unauthorized program. The verification code can prevent unauthorized operations such as a malicious attempt to log in to a user account, cracking of a user password through enumeration, or sales volume manipulation or speaking through script control.
  • In the existing technology, to prevent the unauthorized program from automatically recognizing the verification code, a method for displaying the verification code is increasingly complex. The verification code is usually displayed by using the following methods: In a first method, as shown in FIG. 1a, the verification code is expressed by using a number or a text, and a background is added into a verification code display area, or the number or the text is distorted, to improve interference of the verification code. In a second method, as shown in FIG. 1b, a plurality of pictures and prompt information are provided, so that the user recognizes a corresponding quantity of specific pictures from the plurality of similar pictures based on the prompt information.
  • However, in the previous methods, the verification code is displayed by using a relatively complex method. Although an unauthorized script's automatic recognition can be interfered with, additional interference is also caused to the user. In other words, after the previous verification code is displayed to the user, a possibility that the user incorrectly recognizes the verification code increases. If an error occurs, the user needs to refresh the verification code and continue to recognize the newly generated verification code, until the verification succeeds. Apparently, the previous verification process in the existing technology possibly takes a long time. In particular, when a recognition error occurs, the user needs to repeatedly perform verification.
  • Document "Towards human interactive proofs in the text-domain using. the problem of sense-ambiguity for security" by BERGMAIR R ET AL, discloses presenting multiple replacements of texts to the user for assessment and depending of its accuracy and number of correct found synonyms, the user is judged as human or machine. US2012210393 discloses converting in the question to the user characters of a word by switching characters of the word or adding new characters.
    • SUMMARY
  • Implementations of the present application provide a method for verification based on a verification code, to alleviate a problem in the existing technology that a relatively long time is consumed in a verification process as a user is likely to incorrectly recognize a verification code.
  • The implementations of the present application provide an apparatus for verification based on a verification code, to alleviate a problem in the existing technology that a relatively long time is consumed in a verification process as a user is likely to incorrectly recognize a verification code.
  • The following technical solutions are used in the implementations of the present application.
  • An implementation of the present application provides a method for verification based on a verification code, including: receiving a verification request; obtaining a pre-generated first character string after receiving the verification request, where the first character string includes at least one variable character; replacing some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string; and generating a verification code based on the second character string, and verifying a user corresponding to the verification request.
  • An implementation of the present application provides an apparatus for verification based on a verification code, including: a receiving module, configured to receive a verification request; an acquisition module, configured to obtain a pre-generated first character string after the verification request is received, where the first character string includes at least one variable character; a replacement module, configured to replace some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string; and a verification module, configured to generate a verification code based on the second character string, and verify a user corresponding to the verification request.
  • At least one of the technical solutions used in the implementations of the present application can achieve the following beneficial effects:
  • When a server of a service provider verifies the user, the server performs a character replacement operation on a verification code. For the user, a verification code generated through character replacement does not affect the user in terms of understanding a meaning of the verification code. In addition, characters in the verification code in the implementations of the present application do not undergo character distortion, color change, or background addition. As such, the user can conveniently and accurately recognize the verification code. For a computer program, the verification code obtained after character replacement possibly includes a plurality of types of characters, and does not comply with a common syntax. As such, it is difficult for the computer program to effectively recognize content represented by the verification code based on a recognition algorithm, thereby effectively reducing a possibility that the computer program performs an unauthorized operation.
  • Compared with a verification method in the existing technology, the verification method provided in the implementations of the present application increases discemibility of the verification code, so that the user can intuitively understand the meaning of the verification code. Therefore, accuracy of recognizing the verification code by the user can be increased, and a time consumed in a verification process can be reduced. In addition, difficulty of recognizing the verification code by the computer program can be increased, and a possibility that the computer program performs an unauthorized operation can be effectively reduced.
    • BRIEF DESCRIPTION OF DRAWINGS
  • The accompanying drawings described here are intended to provide a further understanding of the present application, and constitute a part of the present application. The illustrative implementations of the present application and descriptions of the implementations are intended to describe the present application, and impose no limitation on the present application. In the accompanying drawings:
    • FIG. la and FIG. 1b are schematic diagrams illustrating verification codes in the existing technology;
    • FIG. 2a is a schematic diagram illustrating an architecture on which a process for verification based on a verification code is based, according to an implementation of the present application;
    • FIG. 2b is a schematic diagram illustrating a process for verification based on a verification code, according to an implementation of the present application;
    • FIG. 3 is a schematic diagram illustrating an architecture on which a method for generating a verification code used for character replacement is based, according to an implementation of the present application;
    • FIG. 4a and FIG. 4b are schematic diagrams illustrating verification interfaces in different verification methods, according to an implementation of the present application; and
    • FIG. 5 is a schematic structural diagram illustrating an apparatus for verification based on a verification code, according to an implementation of the present application.
    DESCRIPTION OF IMPLEMENTATIONS
  • To make the objectives, technical solutions, and advantages of the present application clearer, the following comprehensively describes the technical solutions of the present application with reference to specific implementations and accompanying drawings of the present application. Apparently, the described implementations are merely some rather than all of the implementations of the present application.
  • It is worthwhile to note that, in the implementations of the present application, a verification process can be based on an architecture shown in FIG. 2a, and the verification process can be implemented by a server on the back end of an online service provider. The online service provider includes but is not limited to a service provider that can provide an online service, such as a website, a telecommunications operator, or a data center. The server used to implement the verification process can be a server responsible for security maintenance, for example, a security center server on the back end of the online service provider. No limitation is imposed on the present application here. In the subsequent descriptions, the server on the back end of the online service provider is collectively referred to as a server.
  • A user can be understood as an operator who uses a service provided by the online service provider. It is worthwhile to note here that, in a verification scenario in the implementations of the present application, an authorized operator is an actual person, and an unauthorized operator is a computer script, a program, etc.
  • The technical solutions provided in the implementations of the present application are described in detail below with reference to the accompanying drawings.
  • FIG. 2b shows a process for verification based on a verification code in an implementation of the present application. The process includes the steps below.
  • S201. Receive a verification request.
  • In this implementation of the present application, the verification request is usually generated after verification is triggered. In actual operations, the verification request can be triggered by a user, or can be triggered by a server based on demands in actual applications.
  • In a possible scenario, the user can actively send a verification request. In this case, the verification request is used to trigger a process for verification based on a verification code. In an implementation of this scenario, the process for verification based on a verification code can be used for account login. In other words, after the user enters a login interface (such as an account login interface of a website), it can be considered that the user sends a verification request, and the server correspondingly receives the verification request sent by the user.
  • In another possible scenario, the server can verify an identity of the user based on a corresponding security rule. For example, the server actively generates a verification code at a pre-determined cycle. Alternatively, when determining that some operations of the user are risky, the server actively generates a verification code and initiates verification to the user, to determine that the operations are not performed by a computer program. Certainly, no limitation is imposed on the present application here.
  • S202. Obtain a pre-generated first character string after receiving the verification request.
  • The first character string includes at least one variable character.
  • The first character string can be understood as a marking character string that includes a number, a text, etc., and has an indication function.
  • In actual application scenarios, the marking character string is easily recognized by the computer program, thereby increasing a risk of the verification process. Therefore, in this implementation of the present application, the first character string includes a variable character, and the variable character can be replaced with another character, so as to have an interference effect.
  • S203. Replace some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string.
  • The backup character can be the same type of character as the variable character. For example, both the backup character and the variable character are Chinese characters, English characters, or numeric characters. Alternatively, the backup character and the variable character can be different types of characters. In an implementation of the present application, a Chinese character can be changed to pinyin. For example, "
    Figure imgb0001
    " is changed to "hong". In another implementation, a certain word (or phrase) can be changed to a homophonous word (or phrase). For example, "
    Figure imgb0002
    " can be changed to "
    Figure imgb0003
    ".
  • It is worthwhile to note that, a meaning of the second character string obtained after character replacement does not change, that is, the user can still understand the meaning of the verification code and perform a corresponding operation based on the verification code.
  • S204. Generate a verification code based on the second character string, and verify a user corresponding to the verification request.
  • In actual operations, the verification code can be displayed in a format of picture or text information, and is used to instruct the user to perform a certain operation. No limitation is imposed on the present application here.
  • The second character string is a character string obtained after character replacement. Therefore, the verification code generated based on the second character string can have an interference effect. Compared with an interference method in the existing technology such as character distortion, color change, or background addition, the meaning of the verification code obtained after character replacement in this implementation of the present application does not change. In addition, because the verification code is not displayed by using a complex method, the user can understand the meaning of the verification code and can easily recognize the verification code. Further, because character replacement is performed, it is difficult for a machine to recognize the verification code.
  • In the previous descriptions, after the verification code is generated, verification can be performed on a corresponding operator (that is, the user) to determine whether the operator is the user or the computer program.
  • Certainly, in a feasible implementation of the present application, the verification code can be displayed to the user in a corresponding verification interface (such as a login interface), and after the user performs a corresponding operation based on the verification code, verification is performed on the operation based on marking verification information.
  • Based on the previous steps, when a server of a service provider verifies the user, the server performs a character replacement operation on a verification code. For the user, a verification code generated through character replacement does not affect the user in terms of understanding a meaning of the verification code. In addition, characters in the verification code in this implementation of the present application do not undergo character distortion, color change, or background addition. As such, the user can conveniently and accurately recognize the verification code. For the computer program, the verification code obtained after character replacement possibly includes a plurality of types of characters, and does not comply with a common syntax. As such, it is difficult for the computer program to effectively recognize content represented by the verification code based on a recognition algorithm, thereby effectively reducing a possibility that the computer program performs an unauthorized operation.
  • Compared with a verification method in the existing technology, the verification method provided in this implementation of the present application increases discernibility of the verification code, so that the user can intuitively understand the meaning of the verification code. Therefore, accuracy of recognizing the verification code by the user can be increased, and a time consumed in a verification process can be reduced. In addition, difficulty of recognizing the verification code by the computer program can be increased, and a possibility that the computer program performs an unauthorized operation can be effectively reduced.
  • It is worthwhile to note that, in this implementation of the present application, because the meaning of the verification code does not change after character replacement is performed on the verification code, characters in the verification code are actually replaced with homophonous or synonymous characters. That is, the pre-establishing a correspondence between variable characters and backup characters specifically includes: determining at least one homophonous character and/or synonymous character of any variable character; using the determined homophonous character and/or synonymous character as a backup character of the variable character, and establishing a correspondence between the backup character and the variable character.
  • It can be considered that the first character string described above is generated in advance based on a corresponding verification code generation rule and stored in a database on a server side, and FIG. 3 is a schematic diagram of an architecture of generating the first character string.
  • During character replacement, only some variable characters can be replaced. For example, a character string of a certain verification code is a character string of "
    Figure imgb0004
    ". Assume that the six Chinese characters in the character string are all variable characters. In actual operations, only two variable characters "
    Figure imgb0005
    " and "
    Figure imgb0006
    " can be replaced. Assume that the two variable characters respectively correspond to backup characters "
    Figure imgb0007
    " and "
    Figure imgb0008
    ". Therefore, the second character string obtained after the variable characters are replaced with the backup characters is "
    Figure imgb0009
    Figure imgb0010
    ".
  • Certainly, all characters can be replaced. For example, assume that two characters in the first character string "
    Figure imgb0011
    " are both variable characters, and backup characters respectively corresponding to the two characters are pinyin "hong" and "qiu". The second character string obtained after character replacement is "hongqiu".
  • In actual applications, if variable characters correspond to different backup characters, a hybrid replacement method can be used. For example, the first character string "
    Figure imgb0012
    " is replaced with "xuan
    Figure imgb0013
    hong
    Figure imgb0014
    ".
  • Apparently, based on the previous replacement method, the user can understand the meaning represented by the characters in the verification code, but the computer program is subject to relatively strong interference.
  • In actual operations, a corresponding verification code can be generated based on the second character string obtained after character replacement. The generating a verification code based on the second character string specifically includes: generating a verification code in a specified format based on the second character string. The specified format includes at least one of a picture format and a text format.
  • In actual application scenarios, the user generally performs a certain operation based on the verification code. For example, the user enters a corresponding character string based on the verification code, or the user performs a certain operation based on behavior indicated by the verification code. However, regardless of whether the user enters a character string or performs a certain operation, the server needs to perform verification. To ensure verification accuracy, the server determines a verification standard. It can be understood that the marking verification information is a verification standard, and only when an operation of the user satisfies the verification standard, the verification can succeeds.
  • In a verification method in the actual application scenario, the user can enter a corresponding character string based on the verification code displayed in the verification interface. In this method, the marking verification information is the first character string. The verifying a user corresponding to the verification request specifically includes: generating an input area in a user verification interface; obtaining a character string that is to be verified and is entered by the user in the input area based on the verification code; and verifying, based on the first character string, the character string to be verified.
  • That is, FIG. 4a shows a verification interface in this method. It can be seen that the verification interface includes a verification code and a corresponding input area. The user enters a corresponding character string in the input area based on the verification code for verification. Certainly, in FIG. 4a, the verification can succeed only when the user enters a Chinese phrase "
    Figure imgb0015
    " (assume that the first character string is "
    Figure imgb0016
    ") in the input area based on the verification code "hong
    Figure imgb0017
    " (which is the second character string in the verification code).
  • In another verification method in the actual application scenario, the user can perform a corresponding verification operation based on the verification code displayed in the verification interface. In this method, the marking verification information includes pre-determined marking operation information. The verifying a user corresponding to the verification request specifically includes: generating an operable verification code display area in a user verification interface; obtaining operation information that is to be verified and that is corresponding to an operation that is to be verified and that is performed by the user in the verification code display area based on the verification code; and verifying, based on the marking operation information, the operation information to be verified.
  • FIG. 4b shows a verification interface in this method. It can be seen that the verification interface includes an operable verification code display area that includes a verification code. The user can perform a corresponding operation to be verified in the verification code display area based on behavior indicated by the verification code. In FIG. 4b, assume that the marking operation information is that operation controls "2" and "4" are tapped. In this case, the verification can succeed after the user taps the operation controls "2" and "4" in the verification code display area based on the verification code "Tap ou
    Figure imgb0018
    in the picture below".
  • Certainly, the previous two methods are merely intended to describe the verification method in this implementation of the present application, and impose no limitation on the present application.
  • The verification method provided in an implementation of the present application is described above. Based on the same idea, an implementation of the present application further provides an apparatus for verification based on a verification code.
  • As shown in FIG. 5, the verification apparatus is disposed on a server side of a service provider, and the apparatus includes: a receiving module 501, configured to receive a verification request; an acquisition module 502, configured to obtain a pre-generated first character string after the verification request is received, where the first character string includes at least one variable character; a replacement module 503, configured to replace some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string; and a verification module 504, configured to generate a verification code based on the second character string, and verify a user corresponding to the verification request.
  • The apparatus further includes an establishment module 505, configured to determine at least one homophonous character and/or synonymous character of any variable character; and use the determined homophonous character and/or synonymous character as a backup character of the variable character, and establish a correspondence between the backup character and the variable character.
  • The verification module 504 generates a verification code in a specified format based on the second character string, where the specified format includes at least one of a picture format and a text format.
  • The verification module 504 generates an input area in a user verification interface; obtains a character string that is to be verified and is entered by the user in the input area based on the verification code; and verifies, based on the first character string, the character string to be verified.
  • The verification module 504 generates an operable verification code display area in a user verification interface; obtains operation information that is to be verified and is corresponding to an operation that is to be verified and is performed by the user in the verification code display area based on the verification code; and verifies, based on pre-determined marking operation information, the operation information to be verified.
  • In the 1990s, whether a technical improvement is a hardware improvement (for example, an improvement to a circuit structure such as a diode, a transistor, or a switch) or a software improvement (an improvement to a method procedure) can be clearly distinguished. However, as technologies develop, current improvements to many method procedures can be considered as direct improvements to hardware circuit structures. A designer usually programs an improved method procedure into a hardware circuit, to obtain a corresponding hardware circuit structure. Therefore, a method procedure can be improved by using a hardware entity module. For example, a programmable logic device (PLD) (such as a field programmable gate array (FPGA)) is such an integrated circuit, and a logical function of the PLD is determined by a user through device programming. The designer performs programming to "integrate" a digital system to a PLD without requesting a chip manufacturer to design and produce an application-specific integrated circuit chip. In addition, at present, instead of manually manufacturing an integrated chip, this type of programming is mostly implemented by using "logic compiler" software. The software is similar to a software compiler used to develop and write a program. Original code needs to be written in a particular programming language for compilation. The language is referred to as a hardware description language (HDL). There are many HDLs, such as the Advanced Boolean Expression Language (ABEL), the Altera Hardware Description Language (AHDL), Confluence, the Cornell University Programming Language (CUPL), HDCal, the Java Hardware Description Language (JHDL), Lava, Lola, MyHDL, PALASM, and the Ruby Hardware Description Language (RHDL). The very-high-speed integrated circuit hardware description language (VHDL) and Verilog are most commonly used. A person skilled in the art should also understand that a hardware circuit that implements a logical method procedure can be readily obtained once the method procedure is logically programmed by using the several described hardware description languages and is programmed into an integrated circuit.
  • A controller can be implemented by using any appropriate method. For example, the controller can be a microprocessor, a processor, or a computer-readable medium storing computer readable program code (such as software or firmware) that can be executed by the microprocessor or the processor, a logic gate, a switch, an application-specific integrated circuit (ASIC), a programmable logic controller, or an embedded microprocessor. Examples of the controller include but are not limited to the following microprocessors: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320. The memory controller can also be implemented as a part of the control logic of the memory. A person skilled in the art also knows that, in addition to implementing the controller by using the computer readable program code, logic programming can be performed on method steps to enable the controller to implement the same function in forms of the logic gate, the switch, the application-specific integrated circuit, the programmable logic controller, and the embedded microcontroller. Therefore, the controller can be considered as a hardware component, and an apparatus configured to implement various functions in the controller can also be considered as a structure in the hardware component. Or the apparatus configured to implement various functions can even be considered as both a software module implementing the method and a structure in the hardware component.
  • The system, apparatus, module, or unit illustrated in the previous implementations can be implemented by using a computer chip or an entity, or can be implemented by using a product having a certain function. A typical implementation device is a computer. The computer can be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
  • For ease of description, the apparatus above is described by dividing functions into various units. Certainly, when the present application is implemented, functions of each unit can be implemented in one or more pieces of software and/or hardware.
  • A person skilled in the art should understand that an implementation of the present application can be provided as a method, a system, or a computer program product. Therefore, the present application can use a form of hardware only implementations, software only implementations, or implementations with a combination of software and hardware. Moreover, the present application can use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, or an optical memory) that include computer-usable program code.
  • The present application is described with reference to the flowcharts and/or block diagrams of the method, the device (system), and the computer program product based on the implementations of the present application. It is worthwhile to note that computer program instructions can be used to implement each process and/or each block in the flowcharts and/or the block diagrams and a combination of a process and/or a block in the flowcharts and/or the block diagrams. These computer program instructions can be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of another programmable data processing device to generate a machine, so that the instructions executed by the computer or the processor of the another programmable data processing device generate a device for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • These computer program instructions can be stored in a computer readable memory that can instruct the computer or the another programmable data processing device to work in a specific way, so that the instructions stored in the computer readable memory generate an artifact that includes an instruction device. The instruction device implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • These computer program instructions can be loaded onto the computer or another programmable data processing device, so that a series of operations and operations and steps are performed on the computer or the another programmable device, thereby generating computer-implemented processing. Therefore, the instructions executed on the computer or the another programmable device provide steps for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • In a typical configuration, a computing device includes one or more processors (CPU), one or more input/output interfaces, one or more network interfaces, and one or more memories.
  • The memory can include a non-persistent memory, a random access memory (RAM), a non-volatile memory, and/or another form in a computer readable medium, for example, a read-only memory (ROM) or a flash memory (flash RAM). The memory is an example of the computer readable medium.
  • The computer readable medium includes persistent, non-persistent, movable, and unmovable media that can store information by using any method or technology. The information can be a computer readable instruction, a data structure, a program module, or other data. Examples of a computer storage medium include but are not limited to a phase-change random access memory (PRAM), a static random access memory (SRAM), a dynamic random access memory (DRAM), another type of random access memory (RAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a flash memory or another memory technology, a compact disc read-only memory (CD-ROM), a digital versatile disc (DVD) or another optical storage, a cassette magnetic tape, a magnetic tape/magnetic disk storage or another magnetic storage device, or any other non-transmission medium. The computer storage medium can be used to store information accessible by a computing device. Based on the definition in the present specification, the computer readable medium does not include transitory computer readable media (transitory media), for example, a modulated data signal and carrier.
  • It is worthwhile to further note that the term "include", "comprise", or their any other variants is intended to cover a non-exclusive inclusion, so a process, a method, a product, or a device that includes a list of elements not only includes those elements but also includes other elements which are not expressly listed, or further includes elements inherent to such a process, method, product, or device. Without more constraints, an element preceded by "includes a ..." does not preclude the existence of additional identical elements in the process, method, product, or device that includes the element.
  • A person skilled in the art should understand that an implementation of the present application can be provided as a method, a system, or a computer program product. Therefore, the present application can use a form of hardware only implementations, software only implementations, or implementations with a combination of software and hardware. In addition, the present application can use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, or an optical memory) that include computer-usable program code.
  • The present application can be described in the general context of computer executable instructions executed by a computer, for example, a program module. Generally, the program module includes a routine, a program, an object, a component, a data structure, etc. that executes a specific task or implements a specific abstract data type. The present application can also be practiced in distributed computing environments. In the distributed computing environments, tasks are performed by remote processing devices connected through a communications network. In the distributed computing environment, the program module can be located in both local and remote computer storage media including storage devices.
  • The implementations in the present specification are described in a progressive way. For same or similar parts of the implementations, references can be made to the implementations. Each implementation focuses on a difference from other implementations. Particularly, a system implementation is basically similar to a method implementation, and therefore is described briefly. For related parts, references can be made to related descriptions in the method implementation.
  • The previous descriptions are only implementations of the present application, and are not intended to limit the present application. A person skilled in the art can make various modifications and changes to the present application.

Claims (7)

  1. A method for verification based on a verification code, the method comprising:
    receiving (S201) a verification request;
    obtaining (S202) a pre-generated first character string after receiving the verification request, wherein the first character string comprises at least one variable character;
    replacing (S203) some or all variable characters with backup characters based on a pre-established correspondence between variable characters and backup characters, to obtain a second character string, wherein the first character string has a meaning and the second character string has the same meaning to a person;
    generating (S204) a verification code based on the second character string, wherein characters in the verification code do not undergo character distortion, color change, or background addition, and the verification code has the same meaning to a person;
    displaying the verification code and an input area corresponding to the verification code, wherein the input area includes a plurality of selectable items, and the verification code is displayed in the form of text information that instructs a user to select one or more selectable items from the plurality of selectable items;
    receiving a user input in the input area from the user, the user input corresponding to the verification code; and
    verifying (S204) the user corresponding to the verification request as being a person based on the user input and the first character string.
  2. The method according to claim 1, comprising:
    generating the pre-established correspondence between the variable characters and the backup characters, the generating comprising:
    determining at least one of a homophonous character and a synonymous character of any variable character;
    using the at least one of the determined homophonous character and the synonymous character as a backup character of said any variable character; and
    establishing a correspondence between the backup character and said any variable character.
  3. The method according to claim 1, wherein verifying the user corresponding to the verification request specifically comprises:
    generating an input area in a user verification interface;
    obtaining a character string that is to be verified and is entered by the user in the input area based on the verification code; and
    verifying, based on the first character string, the character string to be verified.
  4. The method according to claim 1, wherein verifying the user corresponding to the verification request specifically comprises:
    generating an operable verification code display area in a user verification interface;
    obtaining operation information that is to be verified and is corresponding to an operation that is to be verified and is performed by the user in the verification code display area based on the verification code; and
    verifying, based on pre-determined marking operation information, the operation information to be verified.
  5. The method according to claim 1, wherein the variable character and the backup character correspond to same types of characters.
  6. The method according to claim 1, wherein the first character string is generated in advance based on a corresponding verification code generation rule and stored in a database on a server side.
  7. An apparatus for verification based on a verification code, the apparatus comprising a plurality of modules (501, 502, 503, 504, 505) configured to perform the method of any one of claims 1 to 6.
EP17879427.7A 2016-12-08 2017-11-29 Validation code based verification method and device Active EP3554000B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PL17879427T PL3554000T3 (en) 2016-12-08 2017-11-29 Validation code based verification method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611125263.0A CN106899411B (en) 2016-12-08 2016-12-08 Verification method and device based on verification code
PCT/CN2017/113595 WO2018103564A1 (en) 2016-12-08 2017-11-29 Validation code based verification method and device

Publications (3)

Publication Number Publication Date
EP3554000A1 EP3554000A1 (en) 2019-10-16
EP3554000A4 EP3554000A4 (en) 2019-11-06
EP3554000B1 true EP3554000B1 (en) 2021-05-19

Family

ID=59197816

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17879427.7A Active EP3554000B1 (en) 2016-12-08 2017-11-29 Validation code based verification method and device

Country Status (10)

Country Link
US (1) US10719599B2 (en)
EP (1) EP3554000B1 (en)
JP (1) JP6894511B2 (en)
KR (1) KR102194072B1 (en)
CN (1) CN106899411B (en)
ES (1) ES2882535T3 (en)
PL (1) PL3554000T3 (en)
SG (1) SG11201905215TA (en)
TW (1) TWI756266B (en)
WO (1) WO2018103564A1 (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899411B (en) * 2016-12-08 2021-09-21 创新先进技术有限公司 Verification method and device based on verification code
CN109087368B (en) * 2018-06-14 2023-04-07 创新先进技术有限公司 Character string graphical method and device
CN109117624A (en) * 2018-08-03 2019-01-01 上海掌门科技有限公司 Generate method, electronic equipment and the computer-readable medium of identifying code image
CN109359274B (en) * 2018-09-14 2023-05-02 蚂蚁金服(杭州)网络技术有限公司 Method, device and equipment for identifying character strings generated in batch
CN109635256B (en) * 2018-12-20 2023-07-11 上海掌门科技有限公司 Method and device for verifying data
US10614207B1 (en) * 2019-07-09 2020-04-07 Capital One Services, Llc Generating captcha images using variations of the same object
US10496809B1 (en) 2019-07-09 2019-12-03 Capital One Services, Llc Generating a challenge-response for authentication using relations among objects
CN110677239B (en) * 2019-08-26 2022-09-06 深圳市共进电子股份有限公司 Verification code generation method and device
CN111177688B (en) * 2019-12-26 2022-10-14 微梦创科网络科技(中国)有限公司 Security authentication method and device based on shape-similar language mixed font
CN111611767B (en) * 2020-05-21 2023-04-25 北京百度网讯科技有限公司 Verification method and device
CN111953647B (en) * 2020-06-22 2022-09-27 北京百度网讯科技有限公司 Security verification method and device, electronic equipment and storage medium
CN111966669B (en) * 2020-06-29 2024-03-15 浪潮通用软件有限公司 Report data verification method, device and medium
CN114980119B (en) * 2020-12-02 2024-06-11 支付宝(杭州)信息技术有限公司 Method, device and equipment for connecting equipment
CN112685725B (en) * 2020-12-30 2022-12-06 上海掌门科技有限公司 Security verification method and device
CN112966252B (en) * 2021-04-26 2023-11-24 平安国际智慧城市科技股份有限公司 Client verification method and device based on password technology, electronic equipment and medium
CN113191776A (en) * 2021-04-30 2021-07-30 中国银行股份有限公司 User classification method and device based on mobile banking
CN114465762A (en) * 2021-12-24 2022-05-10 安徽航天信息有限公司 Verification code generation method and device based on context and storage medium
CN115037515A (en) * 2022-04-29 2022-09-09 北京龙腾佳讯科技股份公司 Stateless verification code verification method and device in open data network and electronic equipment

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7890426B2 (en) 2004-11-19 2011-02-15 Vectorsgi, Inc. Method and system for verifying check images
US7552467B2 (en) * 2006-04-24 2009-06-23 Jeffrey Dean Lindsay Security systems for protecting an asset
US20110055585A1 (en) * 2008-07-25 2011-03-03 Kok-Wah Lee Methods and Systems to Create Big Memorizable Secrets and Their Applications in Information Engineering
CN101895542B (en) * 2010-07-05 2013-03-20 北京畅游时空软件技术有限公司 Verification code acquiring method and device
CN102075507A (en) * 2010-07-30 2011-05-25 百度在线网络技术(北京)有限公司 User verification method and equipment based on word-sentence verification diagram
ES2740636T3 (en) * 2010-08-31 2020-02-06 Rakuten Inc Response determination device, response determination method, response determination program, recording medium and response determination system
CN101976430A (en) * 2010-10-29 2011-02-16 赵俊平 Method for generating picture verification codes and system thereof
US8885931B2 (en) * 2011-01-26 2014-11-11 Microsoft Corporation Mitigating use of machine solvable HIPs
US8978121B2 (en) * 2013-01-04 2015-03-10 Gary Stephen Shuster Cognitive-based CAPTCHA system
CN104283682A (en) * 2013-07-08 2015-01-14 深圳市腾讯计算机系统有限公司 Method, device and system conducting verification through verification codes
US9202076B1 (en) * 2013-07-26 2015-12-01 Symantec Corporation Systems and methods for sharing data stored on secure third-party storage platforms
CN104796252A (en) * 2014-01-20 2015-07-22 北京大学 Variable data label anti-counterfeiting method, variable data label anti-counterfeiting device, variable data label authenticating method and variable data label authenticating system
US10061914B2 (en) * 2014-11-14 2018-08-28 Mcafee, Llc Account recovery protocol
TWI546693B (en) 2014-12-10 2016-08-21 英業達股份有限公司 Login system capable of integration verification code and password and method thereof
KR101647027B1 (en) * 2015-03-02 2016-08-23 주식회사 사람들과사람들 Device for authenticating user using variable pattern based on reference point and method thereof
CN104794385A (en) 2015-03-03 2015-07-22 新浪网技术(中国)有限公司 Information verification method and device
CN104883351B (en) 2015-03-13 2019-02-12 小米科技有限责任公司 Multiple-factor authentication method and device
CN106156597A (en) * 2015-04-16 2016-11-23 深圳市腾讯计算机系统有限公司 The implementation method of a kind of identifying code, and device
CN106899411B (en) * 2016-12-08 2021-09-21 创新先进技术有限公司 Verification method and device based on verification code

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Also Published As

Publication number Publication date
TWI756266B (en) 2022-03-01
CN106899411A (en) 2017-06-27
JP6894511B2 (en) 2021-06-30
EP3554000A1 (en) 2019-10-16
TW201822048A (en) 2018-06-16
SG11201905215TA (en) 2019-08-27
KR20190091529A (en) 2019-08-06
PL3554000T3 (en) 2021-11-02
CN106899411B (en) 2021-09-21
US20190251243A1 (en) 2019-08-15
ES2882535T3 (en) 2021-12-02
EP3554000A4 (en) 2019-11-06
WO2018103564A1 (en) 2018-06-14
JP2020501279A (en) 2020-01-16
US10719599B2 (en) 2020-07-21
KR102194072B1 (en) 2020-12-23

Similar Documents

Publication Publication Date Title
EP3554000B1 (en) Validation code based verification method and device
US11316702B2 (en) Verification-based service authorization
US10726028B2 (en) Method and apparatus for matching names
US10331871B2 (en) Password input interface
CN110445769B (en) Access method and device of business system
US9596087B2 (en) Token authentication for touch sensitive display devices
US9563763B1 (en) Enhanced captchas
CN111835714A (en) Information verification processing method, client and server
US11461503B2 (en) Service processing method and apparatus
WO2016206558A1 (en) Method of generating completely automated public turing test to tell computers and humans apart (captcha) and device utilizing same
CN105844180A (en) Starting method and device of input method keyboard
CN108959865B (en) Verification method and device
US10289864B2 (en) Security tool to prevent sensitive data leakage
US10346606B2 (en) Generation of a captcha on a handheld touch screen device
US9460344B2 (en) Generating multi-logogram phrases from logogram radicals
US20200065368A1 (en) Implementing enhanced autocomplete via multiple mobile keyboards

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190708

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

A4 Supplementary search report drawn up and despatched

Effective date: 20191009

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/31 20130101ALI20191002BHEP

Ipc: H04L 9/32 20060101AFI20191002BHEP

Ipc: G06F 21/36 20130101ALI20191002BHEP

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200609

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20201207

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ADVANCED NEW TECHNOLOGIES CO., LTD.

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602017039030

Country of ref document: DE

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1395056

Country of ref document: AT

Kind code of ref document: T

Effective date: 20210615

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: FI

Ref legal event code: FGE

REG Reference to a national code

Ref country code: NL

Ref legal event code: FP

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG9D

REG Reference to a national code

Ref country code: NO

Ref legal event code: T2

Effective date: 20210519

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1395056

Country of ref document: AT

Kind code of ref document: T

Effective date: 20210519

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210819

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210920

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210820

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210919

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2882535

Country of ref document: ES

Kind code of ref document: T3

Effective date: 20211202

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602017039030

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20220222

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210919

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211129

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211130

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20211130

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211129

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: TR

Payment date: 20221124

Year of fee payment: 6

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230521

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20171129

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20231126

Year of fee payment: 7

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20231127

Year of fee payment: 7

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20231201

Year of fee payment: 7

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NO

Payment date: 20231129

Year of fee payment: 7

Ref country code: IT

Payment date: 20231122

Year of fee payment: 7

Ref country code: FR

Payment date: 20231127

Year of fee payment: 7

Ref country code: FI

Payment date: 20231127

Year of fee payment: 7

Ref country code: DE

Payment date: 20231129

Year of fee payment: 7

Ref country code: CH

Payment date: 20231201

Year of fee payment: 7

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: PL

Payment date: 20231102

Year of fee payment: 7

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210519